How do you describe your job to average person?Provide strategic advice and innovative solutions that help organizations and people obtain the right information at the right time so that they can better optimize their business while reducing the inherent operational risk associated with the internet. If my clients are not successful – I am not successful.Why did you get into IT security?
When I was in college, I began to take computer courses and started to realize the power of information. Later, while in the military as a cryptology officer, I quickly came to the conclusion that having access to the appropriate data was a strategic asset. This led me to start thinking about the protection of data. A cyber criminal could manipulate data, causing an organization to doubt the validity of the data; disrupt a transmission, resulting in non-availability; or exploit the data, causing doubt in the confidentiality of the data.What keeps you up at night?
The realization of the breath of the capability of individuals, organizations and nation-states to maliciously exploit the internet and the impact that can occur coupled with our lack of proactive and preemptive actions to combat that threat given the complexity of the issues fuels my sleepless nights.Of what are you most proud?
Helping others achieve their goals and providing clients with that “ah-ha” moment when they come to the conclusion that the risks associated with using the internet are real and can be effectively and efficiently managed – when risk management disciplines are applied to the often highly technical discussions outlining information and cyber-related findings.For what would you use a magic IT security wand?
To reinforce the concept that information security is not a technology issue – technology is the enabler. I would use the wand to create teams in organizations whose primary purpose was to operationalize the existing technologies found within organizations and delay purchase of additional IT security-related technology. By optimizing the technology and using the available technology, the organization could reduce their cyber risk, resulting in specific value-added and actionable cybersecurity techniques.